'Italian Job' trojan could lead to future localised attacks

By

Security researchers said today that the recent MPACK-aided trojan attack is a sign that future mass-attacks may become increasingly localised.

'Italian Job' trojan could lead to future localised attacks
The MPACK delivery device for malware was used to propagate trojan attacks this month, mostly affecting users in Italy.

Dave Cole, director of Symantec Security Response, told SCMagazine.com that MPACK-related attacks are unique both for their use of existing websites and regional nature.

"If [attackers] are using an existing site where there is already traffic, people expect that the site is benign and they’re not expecting(an attack)," he said.

"The other big ticket thing is that historically, threats have been global in nature…if you look at this attack, it was really limited to Italy. A lot of these more deceptive attacks have pushed the threat to where it’s really more regional."

Ken Dunham, director of the rapid response team at VeriSign iDefense, said on Wednesday that a Russian underground hacker named $ash was selling the MPACK device for between US$500 and US$1,000.

The hacking tool exploits a number of Windows flaws and claims a 50 per cent success rate in silent attacks launched against web browsers, according to Dunham.

"The Russian Business Network (RBN) is one of the most notorious criminal groups on the internet today. A recent MPACK attack installed Torpig malicious code hosted on an RBN server.

RBN is closely tied to multiple attacks including Step57.info cPanel exploitation, VML, phishing, child pornography, Torpig, Rustock and many other criminal attacks to date," he said. "Nothing good ever comes out of the Russian Business Network net block."

Researchers said the attack infected nearly 10,000 websites by Monday.

Commonly referred to as the "Italian Job" trojan due to the majority of infected pages being hosted in Italy, the malware downloads a keylogger designed to steal banking and confidential information through a wide range of web-infection downloads.

Randy Abrams, director of technical education at ESET told SCMagazine.com that users and administrators must keep their systems patched to prevent similar attacks.

"It’s like if you don’t have a lock on your door and you catch a burglar in your house and then you don’t do anything to fix the door.

If users keep their [operating systems] and their applications patched, they’re not going to be impacted by MPACK," he said.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
attackscouldfutureitalianjobleadsecuritytotrojan

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?